CN111325545B - Key management method, device and equipment based on blockchain - Google Patents

Publication number
CN111325545B
Authority
CN
China
Prior art keywords
key
characters
user password
hash value
blockchain system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811526859.0A
Other languages
Chinese (zh)
Other versions
CN111325545A (en
Inventor
王凯斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Wodong Tianjun Information Technology Co Ltd
Original Assignee
Beijing Wodong Tianjun Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Wodong Tianjun Information Technology Co Ltd filed Critical Beijing Wodong Tianjun Information Technology Co Ltd
Priority to CN201811526859.0A priority Critical patent/CN111325545B/en
Publication of CN111325545A publication Critical patent/CN111325545A/en
Application granted granted Critical
Publication of CN111325545B publication Critical patent/CN111325545B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The embodiment of the invention provides a key management method, device and equipment based on a blockchain, wherein the method comprises the following steps: the blockchain system determines N characters in the first key to be stored, wherein N is an integer greater than 1; the blockchain system generates a user password according to the N characters and the positions of the N characters in the first key; and the blockchain system determines key information corresponding to the first key according to the user password and the first key, and stores the key information. The security of key management is improved.

Description

Key management method, device and equipment based on blockchain
Technical Field
The embodiment of the invention relates to the field of information security, in particular to a key management method, device and equipment based on a blockchain.
Background
Currently, with the continuous development of internet technology, the use of keys is becoming more and more widespread. For example, the important data may be encrypted by a key, the digital voucher (or billing voucher) may be transacted by a key, and so on.
In the prior art, a user typically stores a key in a personal device (such as a mobile phone, a computer, etc.), and after the personal device accesses the internet, when the personal device is attacked, the key stored in the personal device is stolen, thereby causing a loss to the user. As described above, the security of key management in the prior art is low.
Disclosure of Invention
The embodiment of the invention provides a key management method, device and equipment based on a blockchain, which improves the security of key management.
In a first aspect, an embodiment of the present invention provides a blockchain-based key management method, including:
the blockchain system determines N characters in the first key to be stored, wherein N is an integer greater than 1;
the blockchain system generates a user password according to the N characters and the positions of the N characters in the first key;
and the blockchain system determines key information corresponding to the first key according to the user password and the first key, and stores the key information.
In one possible implementation manner, the blockchain system determines key information corresponding to the first key according to the user password and the first key, and includes:
the blockchain system removes N characters from the first key to be stored to obtain a second key;
the blockchain system acquires a first hash value of the first key and a second hash value of the user password;
the blockchain system determines that the key information includes the first hash value, the second hash value, and the second key.
In one possible implementation, generating the user password according to the N characters and the positions of the N characters in the first key includes:
the blockchain system acquires the position identifiers of the N characters in the first key;
and the blockchain system generates the user password according to the N characters and the position identifiers corresponding to the N characters.
In one possible implementation manner, the blockchain system generates the user password according to the N characters and the location identifiers corresponding to the N characters, and includes:
and the blockchain system combines the N characters and the position identifiers corresponding to the N characters to obtain the user password.
In one possible embodiment, the method further comprises:
the blockchain system receives a first user password input by a user;
the blockchain system determines the first key according to the first user password and the key information corresponding to the first key.
In one possible implementation, the blockchain system determines the first key according to the first user password and the key information corresponding to the first key, including:
the blockchain system generates a third hash value of the first user password;
and when the third hash value is the same as the second hash value in the key information, the blockchain system determines the first key according to the first user password and the key information corresponding to the first key.
In one possible implementation, the blockchain system determines the first key according to the first user password and key information corresponding to the first key, including:
the blockchain system determines at least one piece of prediction filling information according to the first user password, wherein each piece of prediction filling information comprises N pieces of prediction characters and a position identifier of each prediction character in the first key;
the blockchain system determines at least one third key according to the at least one prediction padding information and the second key in the key information;
the blockchain system determines the first key according to the at least one third key and a first hash value in the key information.
In one possible implementation, the blockchain system determines the first key from the at least one third key and the first hash value, including:
The blockchain system acquires a hash value of each third key;
the blockchain system determines a third key having a hash value that is the same as the first hash value as the first key.
In a second aspect, an embodiment of the present invention provides a blockchain-based key management device, including a first determining module, a generating module, a second determining module, and a storage module, where,
the first determining module is used for determining N characters in the first key to be stored, wherein N is an integer greater than 1;
the generation module is used for generating a user password according to the N characters and the positions of the N characters in the first secret key;
the second determining module is used for determining key information corresponding to the first key according to the user password and the first key;
the storage module is used for storing the key information.
In one possible implementation manner, the second determining module is specifically configured to:
removing N characters from the first key to be stored to obtain a second key;
acquiring a first hash value of the first key and a second hash value of the user password;
determining that the key information includes the first hash value, the second hash value, and the second key.
In one possible implementation manner, the generating module is specifically configured to:
acquiring the position identifiers of the N characters in the first key;
and generating the user password according to the N characters and the position identifiers corresponding to the N characters.
In one possible implementation manner, the generating module is specifically configured to:
and combining the N characters and the position identifiers corresponding to the N characters to obtain the user password.
In a possible embodiment, the apparatus further comprises a receiving module and a third determining module, wherein,
the receiving module is used for receiving a first user password input by a user;
the third determining module is configured to determine the first key according to the first user password and the key information corresponding to the first key.
In one possible implementation manner, the third determining module is specifically configured to:
generating a third hash value of the first user password;
and when the third hash value is the same as the second hash value in the key information, determining the first key according to the first user password and the key information corresponding to the first key.
In one possible implementation manner, the third determining module is specifically configured to:
Determining at least one piece of prediction filling information according to the first user password, wherein each piece of prediction filling information comprises N pieces of prediction characters and a position identifier of each prediction character in the first key;
determining at least one third key according to the at least one piece of prediction filling information and the second key in the key information;
and determining the first key according to the at least one third key and the first hash value in the key information.
In one possible implementation manner, the third determining module is specifically configured to:
obtaining a hash value of each third key;
and determining, as the first key, a third key whose hash value is the same as the first hash value.
In a third aspect, an embodiment of the present invention provides a blockchain-based key management device, including: at least one processor and memory;
the memory stores computer-executable instructions;
the at least one processor executing computer-executable instructions stored in the memory causes the at least one processor to perform the blockchain-based key management method of any of the first aspects.
In a fourth aspect, an embodiment of the present invention provides a computer readable storage medium, where computer executable instructions are stored, and when executed by a processor, implement the blockchain-based key management method according to any of the first aspects.
According to the blockchain-based key management method, device and equipment, N (N is an integer greater than 1) characters are determined in a first key to be stored, and a user password is generated according to the N characters and the positions of the N characters in the first key; key information corresponding to the first key is determined according to the user password and the first key, and the key information is stored. In the above process, the N characters are randomly selected from the first key, so that the first key is difficult to crack according to the second key, and the first hash value and the second hash value cannot be cracked, so that the security of key management is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions of the prior art, the drawings that are needed in the embodiments or the description of the prior art will be briefly described below, it will be obvious that the drawings in the following description are some embodiments of the present invention, and that other drawings can be obtained according to these drawings without inventive effort to a person skilled in the art.
FIG. 1A is a block chain-based key management method architecture diagram according to an embodiment of the present invention;
FIG. 1B is a block chain based key management method according to an embodiment of the present invention;
FIG. 2 is a flowchart of a block chain-based key management method according to an embodiment of the present invention;
FIG. 3 is a flowchart of another block chain based key management method according to an embodiment of the present invention;
FIG. 4 is a flowchart of another block chain based key management method according to an embodiment of the present invention;
FIG. 5 is a flowchart of another block chain based key management method according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of a block chain-based key management device according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of another block chain based key management device according to an embodiment of the present invention;
FIG. 8 is a schematic hardware structure diagram of a key management device based on blockchain according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Fig. 1A is a schematic diagram of a block chain-based key management method according to an embodiment of the present invention. Fig. 1B is a block diagram of another key management method according to an embodiment of the present invention.
Referring to fig. 1A, when a first key needs to be stored, a user password of the first key may be obtained, key information of the first key is determined according to the first key and the user password, the key information is stored, and the user password is memorized by the user. The user password is typically brief, e.g., the user password may be 5 bits, 6 bits, 7 bits, etc. The key information may include a first hash value of the first key, a second hash value of the user password, and a second key, and the second key may be a key obtained by removing N (N is an integer greater than 1) characters from the first key.
Referring to fig. 1B, when a user needs to acquire a first key, the user may input a user password, and determine to obtain the first key according to the user password input by the user and key information of the first key.
In the application, the N characters are randomly selected from the first key, so that the first key is difficult to crack according to the second key, and the first hash value and the second hash value cannot be cracked, so that the security of the first key storage can be improved by storing the key information of the first key. When the user needs to acquire the first key, the user can acquire it according to the memorized user password, which makes acquiring the first key convenient. From the above, the key management method disclosed by the application improves the security of key management.
The technical scheme shown in the application is described in detail through specific embodiments. It should be noted that the following embodiments may be combined with each other, and for the same or similar matters, the description will not be repeated in different embodiments.
Fig. 2 is a flowchart of a key management method based on blockchain according to an embodiment of the present invention. Referring to fig. 2, the method may include:
S201, the blockchain system determines N characters in a first key to be stored.
Wherein N is an integer greater than 1.
Alternatively, the first key may be a key of a digital certificate, or the first key may be a key for encrypting important data, or the like.
Alternatively, the first key may be 256 bits, 128 bits, 64 bits, etc. in length.
Alternatively, the characters in the first key may be binary characters, or octal characters, or hexadecimal characters, or the like.
Alternatively, N may be 2,3,4, etc. Wherein the larger N, the higher the security of key management.
Of course, in the practical application process, the size of N may be set according to actual needs, which is not specifically limited in the embodiment of the present invention.
Alternatively, N characters may be randomly selected in the first key.
S202, the blockchain system generates a user password according to N characters and the positions of the N characters in the first key.
Wherein the user password is a password for memorizing by the user, and the length of the user password is generally short. For example, the user password may be 5 bits, 6 bits, 7 bits, etc. in length.
Optionally, the length of the user password is generally related to the length of the first key, the size of N, the location of N characters in the first key.
For example, the larger N is, the longer the first key is, and the larger the position identifiers of the characters in the first key are, the longer the user password is.
Alternatively, the user password may be generated by the following possible implementation:
acquiring the position identifiers of N characters in a first secret key; and generating a user password according to the N characters and the position identifications corresponding to the N characters.
Optionally, the position identifier of a character in the first key indicates which character of the first key it is, that is, its ordinal position in the first key.
For example, assuming that the length of the first key is 256, the location identification may be any number from 1 to 256.
Optionally, the N characters and the position identifiers corresponding to the N characters may be combined to obtain the user password.
Optionally, the N characters and the position identifiers corresponding to the N characters may be combined according to a preset combination rule, so as to obtain the user password.
Alternatively, the combination rule may be: the position identifier of the first character + the first character + the position identifier of the second character + the second character + … + the position identifier of the Nth character + the Nth character.
For example, assuming that the first key is 1101000000101010…, N is 2, and the N=2 characters are character 0 in bit 8 and character 1 in bit 11, the user password obtained according to the combination rule is: 80111.
Alternatively, the combination rule may be: the position identifier of the first character + the position identifier of the second character + … + the position identifier of the Nth character + the first character + the second character + … + the Nth character.
For example, assuming that the first key is 1101000000101010…, N is 2, and the N=2 characters are character 0 in bit 8 and character 1 in bit 11, the user password obtained according to the combination rule is: 81101.
It should be noted that the foregoing combination rules are only examples and are not limiting; in practical applications, the combination rule may be set according to actual needs, which is not specifically limited in the embodiment of the present invention.
Optionally, in the process of combining the N characters and the position identifiers corresponding to the N characters according to the combination rule, the N characters and the position identifiers corresponding to the N characters may also be processed.
For example, the N characters may be inverted, the N characters may be incremented by 1, the position identifiers may be incremented by 1, or the like.
For example, assume that the preset rule is: the position identifier of the first character + the first character + … + the position identifier of the Nth character + the Nth character, and that the N characters need to be inverted during the combining process. Assuming that the first key is 1101000000101010…, N is 2, and the N=2 characters are character 0 in bit 8 and character 1 in bit 11, it can be determined from the combination rule and the above processing that the user password is: 81110.
S203, the blockchain system determines key information corresponding to the first key according to the user password and the first key, and stores the key information.
Optionally, the key information is information for recovering the first key in combination with the user password. That is, the first key can be uniquely recovered from the user password and the key information.
Alternatively, the key information corresponding to the first key may be determined according to the user password and the first key through the following possible implementation manners:
N characters are removed from a first key to be stored, a second key is obtained, a first hash value of the first key and a second hash value of a user password are obtained, and key information including the first hash value, the second hash value and the second key is determined.
Alternatively, the first hash value of the first key and the second hash value of the user password may be generated by a hashing algorithm.
Since the selection of the N characters is random, the second key obtained after removing the N characters from the first key is also random, and thus it is difficult to crack the first key from the second key.
According to the key management method based on the blockchain, N (N is an integer greater than 1) characters are determined in a first key to be stored, and a user password is generated according to the N characters and the positions of the N characters in the first key; key information corresponding to the first key is determined according to the user password and the first key, and the key information is stored. In the above process, the N characters are randomly selected from the first key, so that the first key is difficult to crack according to the second key, and the first hash value and the second hash value cannot be cracked, so that the security of key management is improved.
The method illustrated in the embodiment of fig. 2 will be described in further detail below by way of the embodiment illustrated in fig. 3.
Fig. 3 is a flowchart of another blockchain-based key management method according to an embodiment of the present invention. Referring to fig. 3, the method may include:
S301, the blockchain system determines N characters in a first key to be stored.
Wherein N is an integer greater than 1.
S302, the blockchain system generates a user password according to N characters and the positions of the N characters in the first key.
It should be noted that, the execution process of S301-S302 may refer to the execution process of S201-S202, and will not be described herein.
S303, removing N characters in the first key to be stored by the blockchain system to obtain a second key.
S304, the block chain system acquires a first hash value of the first key.
Alternatively, the first hash value of the first key may be generated by a hash algorithm.
S305, the block chain system acquires a second hash value of the user password.
Alternatively, the second hash value of the user password may be generated by a hashing algorithm.
S306, the blockchain system determines that the key information comprises a first hash value, a second hash value and a second key, and stores the key information.
In the embodiment shown in fig. 3, N characters are randomly selected from the first key, so that the first key is difficult to crack according to the second key, and the first hash value and the second hash value cannot be cracked, so that the security of key management is improved.
The method illustrated in the embodiment of fig. 2-3 will now be described in detail by way of specific examples.
Example 1, assume that the first key (256 bits) is:
0000100110000010010001000000001000010000000000110000000000000000000001111000000000011111000000000000110000000000000010000100000100100100100000010010000000000000000010000000000100000000001000000000000000100000000000000000010001000001000010000000100000100001
When the first key is stored, N=2 characters are randomly selected in the first key. Assuming that the selected N=2 characters are 1 in the 8th bit and 0 in the 11th bit, a user password 81110 is generated according to a preset combination rule, and the user is prompted to memorize the user password.
The 2 characters are removed from the first key to obtain a second key (254 bits), the second key being:
00001001000010010001000000001000010000000000110000000000000000000001111000000000011111000000000000110000000000000010000100000100100100100000010010000000000000000010000000000100000000001000000000000000100000000000000000010001000001000010000000100000100001
A hash value 1 of the first key is generated through a hash algorithm, a hash value 2 of the user password is generated through the hash algorithm, the key information is determined to comprise the hash value 1, the hash value 2 and the second key, and the key information is stored.
From the above, in the stored key information, the first key cannot be obtained by hash value 1, and the user password cannot be obtained by hash value 2. Since n=2 characters are randomly selected in the first key, it is difficult to recover the first key from the second key, and thus, the security of key management is improved.
On the basis of any of the above embodiments, when the user needs to obtain the first key, the first key may be obtained through the following possible implementation manners, and specifically, please refer to the embodiment shown in fig. 4.
Fig. 4 is a flowchart of another block chain-based key management method according to an embodiment of the present invention. Referring to fig. 4, the method may include:
S401, the blockchain system receives a first user password input by a user.
Optionally, the first user password is a user password generated by the embodiment of fig. 2-3, and is memorized by the user.
S402, the blockchain system determines the first key according to the first user password and key information corresponding to the first key.
The key information is determined according to a first key and a second user password, the second user password is determined according to N characters in the first key and positions of the N characters in the first key, and N is an integer larger than 1.
Optionally, the key information includes a first hash value, a second hash value and a second key, where the first hash value is a hash value of the first key, the second hash value is a hash value of the second user password, and the second key is a key obtained by removing N characters from the first key.
It should be noted that, the key information generating process may refer to the embodiments shown in fig. 2-3, and will not be described herein.
Optionally, whether the first user password input by the user is correct or not may be judged first, and when the first user password input by the user is correct, the first key is determined according to the first user password and the key information corresponding to the first key.
Alternatively, whether the first user password input by the user is correct may be determined by the following possible implementation manners: and generating a third hash value of the first user password, judging whether the third hash value is the same as the second hash value in the key information, if so, determining that the first user password input by the user is correct, and if not, determining that the first user password input by the user is incorrect.
Optionally, the first key may be determined according to the first user password and the key information corresponding to the first key through the following possible implementation:
At least one piece of prediction padding information is determined based on the first user password, each piece of prediction padding information comprising N predicted characters and a position identifier of each predicted character in the first key; at least one third key is determined based on the at least one piece of prediction padding information and the second key; and the first key is determined based on the at least one third key and the first hash value.
Alternatively, the at least one prediction padding information may be determined according to the first user password and a preset combination rule.
For example, assume that the combining rule is: the predicted padding information that can be determined according to the combination rule and the first user password assuming that the first user password is 81110 includes: prediction padding information 1: {8:1, 11:0}, prediction padding information 2: {81:1,1:0}.
The predictive padding information 1 indicates that the character to be padded is 1 in bit 8 and 0 in bit 11 in the first key. The predictive padding information 2 indicates that the character to be padded is 1 in bit 81 and 0 in bit 1 in the first key.
Optionally, the second key may be filled according to the obtained prediction filling information, so as to obtain at least one third key.
For example, assume that the two pieces of prediction padding information obtained include: prediction padding information 1: {8:1, 11:0}, prediction padding information 2: {81:1,1:0}. For prediction padding information 1, a third key may be obtained by padding 1 between bits 7 and 8 and 0 between bits 10 and 11 in the second key. For prediction padding information 2, one may pad 1 before bit 1 in the second key and pad 0 between bits 80 and 81, resulting in another third key.
Alternatively, after obtaining at least one third key, a hash value of each third key may be obtained, and a third key having the same hash value as the first hash value may be determined as the first key.
In the embodiment shown in fig. 4, for the first key, key information of the first key is stored, and a user password corresponding to the first key is memorized by the user. The first key is difficult to crack according to the key information, so that the security of key management is improved. Further, when the user needs to acquire the first key, the first key can be acquired according to the short user password, so that the convenience of key management is higher.
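The storage steps (S301-S306) and the recovery steps of fig. 4 described above, as an added Python example that is not part of the patent text. It assumes SHA-256 as the hash algorithm, binary key characters, the "position identifier + character" combination rule, and a constructed 128-character demo key; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

ALPHABET = "01"  # assumption: binary key characters, as in the page's examples

# Constructed sample: the first 16 characters of the Example 1 key, repeated 8 times.
DEMO_KEY = "0000100110000010" * 8


def _h(text):
    # SHA-256 is an assumption; the page only says "a hash algorithm".
    return hashlib.sha256(text.encode()).hexdigest()


def store(first_key, n=2, positions=None):
    """S301-S306: return (user_password, key_info) for first_key."""
    if positions is None:
        # Random selection of N distinct 1-indexed positions.
        positions = secrets.SystemRandom().sample(range(1, len(first_key) + 1), n)
    positions = sorted(positions)
    # Combination rule: position identifier + character, for each character in turn.
    password = "".join(f"{p}{first_key[p - 1]}" for p in positions)
    removed = set(positions)
    second_key = "".join(c for i, c in enumerate(first_key, 1) if i not in removed)
    key_info = {
        "first_hash": _h(first_key),    # hash of the first key
        "second_hash": _h(password),    # hash of the user password
        "second_key": second_key,       # first key with the N characters removed
    }
    return password, key_info


def parse_password(password, n, key_len):
    """Enumerate every split of password into n (position, character) pairs.

    The password has no separators, so one password can yield several
    pieces of prediction padding information (e.g. 81110 -> 8:1,11:0 or 81:1,1:0).
    """
    results = []

    def walk(rest, pairs):
        if len(pairs) == n:
            if not rest:
                results.append(dict(pairs))
            return
        for cut in range(1, len(rest)):
            pos_text, char = rest[:cut], rest[cut]
            if pos_text[0] == "0" or any(d not in "0123456789" for d in pos_text):
                continue
            pos = int(pos_text)
            if pos > key_len:
                break  # longer prefixes only get larger
            if char not in ALPHABET or pos in {p for p, _ in pairs}:
                continue
            walk(rest[cut + 1:], pairs + [(pos, char)])

    walk(password, [])
    return results


def fill(second_key, padding):
    """Build a third key: predicted characters at their first-key positions,
    every other position taken from the second key in order."""
    total = len(second_key) + len(padding)
    rest = iter(second_key)
    return "".join(padding[i] if i in padding else next(rest)
                   for i in range(1, total + 1))


def recover(password, key_info, n=2):
    """Fig. 4 flow: check the password hash, then test each candidate third key."""
    if not hmac.compare_digest(_h(password), key_info["second_hash"]):
        return None  # wrong password: no reconstruction is attempted
    key_len = len(key_info["second_key"]) + n
    for padding in parse_password(password, n, key_len):
        third_key = fill(key_info["second_key"], padding)
        if hmac.compare_digest(_h(third_key), key_info["first_hash"]):
            return third_key
    return None


if __name__ == "__main__":
    pw, info = store(DEMO_KEY, positions=[8, 11])
    print("user password:", pw)
    print("candidates:", parse_password(pw, 2, len(DEMO_KEY)))
    print("recovered:", recover(pw, info) == DEMO_KEY)
```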
The embodiment shown in fig. 4 will be described in further detail below with the embodiment shown in fig. 5 on the basis of the embodiment shown in fig. 4.
Fig. 5 is a flowchart of another block chain-based key management method according to an embodiment of the present invention. Referring to fig. 5, the method may include:
s501, the blockchain system receives a first user password corresponding to a first key input by a user.
S502, the blockchain system acquires key information corresponding to the first key, wherein the key information comprises a first hash value, a second hash value and a second key.
The first hash value is the hash value of the first key, the second hash value is the hash value of the second user password, and the second key is the key obtained by removing N characters from the first key. The second user password is determined according to N characters in the first key and the positions of the N characters in the first key.
S503, the blockchain system generates a third hash value of the first user password.
Optionally, the third hash value of the first user password may be generated by a hash algorithm.
S504, the blockchain system judges whether the third hash value is the same as the second hash value.
If yes, S505 is executed.
If not, S509 is performed.
S505, the blockchain system determines at least one prediction filling information according to the first user password.
Wherein each prediction padding information comprises N predicted characters and a location identification of each predicted character in the first key.
It should be noted that, the execution process of S505 may refer to the execution process of S402, and will not be described herein.
S506, the blockchain system determines at least one third key according to the at least one prediction filling information and the second key.
Optionally, the second key is filled according to each piece of predicted filling information, so as to obtain at least one third key.
It should be noted that, the execution process of S506 may refer to the execution process of S402, and will not be described herein.
S507, the blockchain system acquires the hash value of each third key.
Optionally, the hash value of each third key may be generated by a hash algorithm.
S508, the blockchain system determines the third key whose hash value is the same as the first hash value to be the first key.
S509, the blockchain system determines that the first user password is incorrect.
In the embodiment shown in fig. 5, the key information of the first key is stored, and the user password corresponding to the first key is memorized by the user. It is difficult to derive the first key from the key information, which improves the security of key management. Further, when the user needs to acquire the first key, the first key can be obtained from the short user password, which makes key management more convenient.
The method illustrated in the embodiment of fig. 4-5 will be described in detail below by way of specific examples.
Example 2, assume that the key information of the first key includes a hash value of 1, a hash value of 2, and a second key, wherein the second key is:
00001001000010010001000000001000010000000000110000000000000000000001111000000000011111000000000000110000000000000010000100000100100100100000010010000000000000000010000000000100000000001000000000000000100000000000000000010001000001000010000000100000100001
When the user needs to acquire the first key, the user enters the first user password 81110.
A third hash value is generated from the first user password 81110 entered by the user and compared with hash value 2. If they are the same, the first user password is correct and acquisition of the first key continues; if they are not, the first user password is incorrect and acquisition of the first key fails.
Assuming that the third hash value is the same as hash value 2, the prediction padding information is obtained according to the first user password: prediction padding information 1: {8:1, 11:0}, prediction padding information 2: {81:1,1:0}.
According to prediction padding information 1, 1 is padded between the 7th bit and the 8th bit in the second key and 0 is padded between the 10th bit and the 11th bit, giving a third key that is recorded as key 1.
According to prediction padding information 2, 1 is padded before the 1st bit in the second key and 0 is padded between the 80th bit and the 81st bit, giving another third key that is recorded as key 2.
The hash value of key 1 and the hash value of key 2 are obtained, and each is compared with hash value 1. Assuming that the hash value of key 1 is the same as hash value 1, the first key is determined to be key 1, where key 1 is specifically:
0000100110000010010001000000001000010000000000110000000000000000000001111000000000011111000000000000110000000000000010000100000100100100100000010010000000000000000010000000000100000000001000000000000000100000000000000000010001000001000010000000100000100001
As can be seen from the above, example 2 is the inverse process of example 1: example 1 achieves secure storage of the key, and example 2 obtains the key uniquely and correctly. This improves the security of key management while keeping key management convenient.
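The storage step and the recovery flow of S501 to S509 and example 2, as an added Python example that is not code from the patent. The combination rule (decimal position followed by the character, concatenated), SHA-256 as the hash algorithm, all function names and the constructed 256-bit sample key are assumptions; `guess_space` counts the fillings that a holder of the key information could test against the first hash value.

```python
import hashlib
import hmac
from itertools import combinations
from math import comb


def sha256_hex(text):
    # SHA-256 is an assumption; the patent only says "a hash algorithm".
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def store(first_key, positions):
    """Storage side: return (user_password, key_info). Positions are 1-based.

    Assumed combination rule: for each chosen character, its decimal
    position followed by the character itself, all concatenated.
    """
    password = "".join(f"{p}{first_key[p - 1]}" for p in positions)
    removed = set(positions)
    second_key = "".join(c for i, c in enumerate(first_key, 1) if i not in removed)
    key_info = {
        "first_hash": sha256_hex(first_key),   # hash of the first key
        "second_hash": sha256_hex(password),   # hash of the user password
        "second_key": second_key,              # first key minus N characters
    }
    return password, key_info


def predictions(password, n, key_len):
    """S505: every way to read the password as n (position, character) pairs."""
    results = []
    for cuts in combinations(range(1, len(password)), n - 1):
        bounds = (0, *cuts, len(password))
        filling = {}
        for start, end in zip(bounds, bounds[1:]):
            pos_text, char = password[start:end - 1], password[end - 1]
            if not pos_text.isdigit() or pos_text[0] == "0":
                break                          # no position, or leading zero
            pos = int(pos_text)
            if pos > key_len or pos in filling:
                break                          # outside the key, or repeated
            filling[pos] = char
        else:
            results.append(filling)
    return results


def fill(second_key, filling):
    """S506: insert in ascending order so each character lands at its
    position in the rebuilt first key."""
    chars = list(second_key)
    for pos in sorted(filling):
        chars.insert(pos - 1, filling[pos])
    return "".join(chars)


def recover(key_info, password, n):
    """S503 to S509: return the first key, or None if the password is wrong."""
    if not hmac.compare_digest(sha256_hex(password), key_info["second_hash"]):
        return None                                            # S509
    key_len = len(key_info["second_key"]) + n
    for filling in predictions(password, n, key_len):          # S505
        third_key = fill(key_info["second_key"], filling)      # S506
        if hmac.compare_digest(sha256_hex(third_key), key_info["first_hash"]):
            return third_key                                   # S507, S508
    return None


def guess_space(key_len, n, alphabet_size):
    """Number of distinct fillings for a key of key_len characters.

    The stored second key plus the first hash value allow each filling to be
    checked without the password, so n and the alphabet size bound how much
    protection the removed characters add.
    """
    return comb(key_len, n) * alphabet_size ** n


def sample_first_key():
    # Constructed sample key (not the key printed in example 2): 256 bits
    # with bit 8 forced to 1 and bit 11 forced to 0, so that removing those
    # two bits yields the page's password 81110.
    digest = hashlib.sha256(b"constructed sample key").digest()
    bits = list("".join(f"{b:08b}" for b in digest))
    bits[7], bits[10] = "1", "0"
    return "".join(bits)


if __name__ == "__main__":
    key = sample_first_key()
    password, info = store(key, [8, 11])
    print("password:", password)
    print("readings:", predictions(password, 2, len(key)))
    print("recovered:", recover(info, password, 2) == key)
    print("fillings for 256-bit key, N=2:", guess_space(256, 2, 2))
```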
It should be noted that the key management method described above may be applied to the transaction process of a digital certificate in the blockchain. For example, after the key corresponding to the digital certificate is generated, the key corresponding to the digital certificate may be stored, and the user password memorized by the user, according to the embodiments shown in fig. 2-3. When the user needs to conduct a transaction with the key of the digital certificate, the user can acquire the key corresponding to the digital certificate by inputting the user password, and conduct the transaction of the digital certificate with that key.
Fig. 6 is a schematic structural diagram of a key management device based on blockchain according to an embodiment of the present invention. Referring to fig. 6, the key management device 10 may include a first determination module 11, a generation module 12, a second determination module 13, and a storage module 14, wherein,
the first determining module 11 is configured to determine N characters in the first key to be stored, where N is an integer greater than 1;
The generating module 12 is configured to generate a user password according to the N characters and positions of the N characters in the first key;
the second determining module 13 is configured to determine key information corresponding to the first key according to the user password and the first key;
the storage module 14 is configured to store the key information.
The key management device provided by the embodiment of the invention can execute the technical scheme described in the embodiment of the method, and the implementation principle and the beneficial effects are similar, and are not repeated here.
In a possible embodiment, the second determining module 13 is specifically configured to:
removing N characters from the first key to be stored to obtain a second key;
acquiring a first hash value of the first key and a second hash value of the user password;
determining that the key information includes the first hash value, the second hash value, and the second key.
In one possible implementation, the generating module 12 is specifically configured to:
acquiring the position identifiers of the N characters in the first key;
and generating the user password according to the N characters and the position identifiers corresponding to the N characters.
In one possible implementation, the generating module 12 is specifically configured to:
and combining the N characters and the position identifiers corresponding to the N characters to obtain the user password.
Fig. 7 is a schematic structural diagram of another blockchain-based key management device according to an embodiment of the present invention. Referring to fig. 7, the key management device 10 may further include a receiving module 15 and a third determining module 16, wherein,
the receiving module 15 is configured to receive a first user password input by a user;
the third determining module 16 is configured to determine the first key according to the first user password and the key information corresponding to the first key.
In one possible implementation, the third determining module 16 is specifically configured to:
generating a third hash value of the first user password;
and when the third hash value is the same as the second hash value in the key information, determining the first key according to the first user password and the key information corresponding to the first key.
In one possible implementation, the third determining module 16 is specifically configured to:
determining at least one piece of prediction filling information according to the first user password, wherein each piece of prediction filling information comprises N pieces of prediction characters and a position identifier of each prediction character in the first key;
determining at least one third key according to the at least one piece of prediction filling information and the second key in the key information;
and determining the first key according to the at least one third key and the first hash value in the key information.
In one possible implementation, the third determining module 16 is specifically configured to:
obtaining a hash value of each third key;
and determining the third key whose hash value is the same as the first hash value to be the first key.
The key management device provided by the embodiment of the invention can execute the technical scheme described in the embodiment of the method, and the implementation principle and the beneficial effects are similar, and are not repeated here.
Fig. 8 is a schematic hardware structure diagram of a key management device based on blockchain according to an embodiment of the present invention, and as shown in fig. 8, the key management device 20 includes: at least one processor 21 and a memory 22. Wherein the processor 21 and the memory 22 are connected by a bus 23.
Optionally, the key management device 20 further comprises communication means. The communication means may comprise a transmitter and/or a receiver.
In a specific implementation, at least one processor 21 executes computer-executable instructions stored in the memory 22, so that the at least one processor 21 performs the key management method as described in the embodiments of fig. 2-5 above.
For the specific implementation process of the processor 21, refer to the method embodiments shown in fig. 2-5; the implementation principle and technical effects are similar and are not repeated here.
In the embodiment shown in fig. 8, it should be understood that the processor may be a Central Processing Unit (CPU), or may be another general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), or the like. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present invention may be embodied directly in a hardware processor for execution, or in a combination of hardware and software modules in a processor for execution.
The memory may comprise high-speed RAM, and may further comprise non-volatile memory (NVM), such as at least one disk memory.
The bus may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The buses may be divided into address buses, data buses, control buses, etc. For ease of illustration, the buses in the drawings of the present application are not limited to only one bus or one type of bus.
The present application also provides a computer-readable storage medium having stored therein computer-executable instructions that, when executed by a processor, implement a blockchain-based key management method as described above.
The computer readable storage medium described above may be implemented by any type of volatile or non-volatile memory device or combination thereof, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic disk, or optical disk. A readable storage medium can be any available medium that can be accessed by a general purpose or special purpose computer.
An exemplary readable storage medium is coupled to the processor such that the processor can read information from, and write information to, the readable storage medium. Alternatively, the readable storage medium may be integral to the processor. The processor and the readable storage medium may reside in an Application Specific Integrated Circuit (ASIC). The processor and the readable storage medium may also reside as discrete components in a device.
The division of the units is merely a logic function division, and there may be another division manner when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, in essence, or the part of it that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a U disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the method embodiments described above may be performed by hardware associated with program instructions. The foregoing program may be stored in a computer readable storage medium. The program, when executed, performs steps including the method embodiments described above; and the aforementioned storage medium includes: various media that can store program code, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the invention.

Claims (18)

1. A blockchain-based key management method, comprising:
the blockchain system determines N characters in a first key to be stored, wherein N is an integer greater than 1;
the blockchain system generates a user password according to the N characters and the positions of the N characters in the first key;
and the blockchain system determines key information corresponding to the first key according to the user password and the first key, and stores the key information.
2. The method of claim 1, wherein the blockchain system determining key information corresponding to the first key from the user password and the first key comprises:
The blockchain system removes N characters from the first key to be stored to obtain a second key;
the blockchain system acquires a first hash value of the first key and a second hash value of the user password;
the blockchain system determines that the key information includes the first hash value, the second hash value, and the second key.
3. The method of claim 1, wherein the blockchain system generates a user password based on the N characters and the positions of the N characters in the first key, comprising:
the blockchain system acquires the position identifiers of the N characters in the first key;
and the blockchain system generates the user password according to the N characters and the position identifiers corresponding to the N characters.
4. The method of claim 3, wherein the blockchain system generates the user password from the N characters and the location identities corresponding to the N characters, comprising:
and the blockchain system combines the N characters and the position identifiers corresponding to the N characters to obtain the user password.
5. The method according to any one of claims 1-4, further comprising:
The blockchain system receives a first user password input by a user;
the blockchain system determines the first key according to the first user password and the key information corresponding to the first key.
6. The method of claim 5, wherein the blockchain system determining the first key from the first user password and the key information corresponding to the first key comprises:
the blockchain system generating a third hash value of the first user password;
and when the third hash value is the same as the second hash value in the key information, the blockchain system determines the first key according to the first user password and the key information corresponding to the first key.
7. The method of claim 6, wherein the blockchain system determining the first key from the first user password and key information corresponding to the first key comprises:
the blockchain system determines at least one piece of prediction filling information according to the first user password, wherein each piece of prediction filling information comprises N pieces of prediction characters and a position identifier of each prediction character in the first key;
The blockchain system determines at least one third key according to the at least one prediction padding information and the second key in the key information;
the blockchain system determines the first key according to the at least one third key and a first hash value in the key information.
8. The method of claim 7, wherein the blockchain system determining the first key from the at least one third key and the first hash value comprises:
the blockchain system acquires a hash value of each third key;
the blockchain system determines a third key having a hash value that is the same as the first hash value as the first key.
9. A key management device based on a blockchain is characterized by comprising a first determining module, a generating module, a second determining module and a storage module, wherein,
the first determining module is used for determining N characters in a first key to be stored, wherein N is an integer greater than 1;
the generation module is used for generating a user password according to the N characters and the positions of the N characters in the first secret key;
the second determining module is used for determining key information corresponding to the first key according to the user password and the first key;
The storage module is used for storing the key information.
10. The apparatus of claim 9, wherein the second determining module is specifically configured to:
removing N characters from the first key to be stored to obtain a second key;
acquiring a first hash value of the first key and a second hash value of the user password;
determining that the key information includes the first hash value, the second hash value, and the second key.
11. The apparatus of claim 9, wherein the generating module is specifically configured to:
acquiring the position identifiers of the N characters in the first key;
and generating the user password according to the N characters and the position identifiers corresponding to the N characters.
12. The apparatus of claim 11, wherein the generating module is specifically configured to:
and combining the N characters and the position identifiers corresponding to the N characters to obtain the user password.
13. The apparatus according to any one of claims 9-12, further comprising a receiving module and a third determining module, wherein,
the receiving module is used for receiving a first user password input by a user;
The third determining module is configured to determine the first key according to the first user password and the key information corresponding to the first key.
14. The apparatus of claim 13, wherein the third determining module is specifically configured to:
generating a third hash value of the first user password;
and when the third hash value is the same as the second hash value in the key information, determining the first key according to the first user password and the key information corresponding to the first key.
15. The apparatus of claim 14, wherein the third determining module is specifically configured to:
determining at least one piece of prediction filling information according to the first user password, wherein each piece of prediction filling information comprises N pieces of prediction characters and a position identifier of each prediction character in the first key;
determining at least one third key according to the at least one piece of prediction filling information and the second key in the key information;
and determining the first key according to the at least one third key and the first hash value in the key information.
16. The apparatus of claim 15, wherein the third determining module is specifically configured to:
Obtaining a hash value of each third key;
and determining the third key whose hash value is the same as the first hash value to be the first key.
17. A blockchain-based key management device, comprising: at least one processor and memory;
the memory stores computer-executable instructions;
the at least one processor executes the computer-executable instructions stored in the memory, causing the at least one processor to perform the blockchain-based key management method of any of claims 1 to 8.
18. A computer readable storage medium having stored therein computer executable instructions which when executed by a processor implement the blockchain-based key management method of any of claims 1 to 8.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811526859.0A CN111325545B (en) 2018-12-13 2018-12-13 Key management method, device and equipment based on blockchain

Publications (2)

Publication Number Publication Date
CN111325545A CN111325545A (en) 2020-06-23
CN111325545B true CN111325545B (en) 2023-05-02



